steve
|
|
Banning a site from Grex; a discussion of when to do this
| 
Nov 30 17:18 UTC 1998 |
I have just done something that I've never done before on
Grex, which is to block an entire site from Grex. I find this
sufficiently disturbing that I think we should talk about it
here in coop, as a matter of policy.
I'll say right here that I sincerely hope that this is not
a permenent solution, and perhaps the readers of coop will have
some ideas about this, in general.
This site in question is a technical school in India; I don't
think the exact name of it is relevant, but if people want I'll
say it. This site has been the source of four fork bomb attacks
that I know of in the last three months. There are a great many
users from this site during Asian awake hours, and unforunately,
their IP address has become more and more noticed, every time I
sent out mail asking that graphical files not be downloaded, or
responding to a harassment request, etc. [Aftword: at least four
fork bombs--there could have been more (sfa)]
The fork bomb incidents are what bother me the most, and have
crippled Grex during those periods. Just today, Monday 11/30 when
I checked the system I saw a load average of 77 (ten times higher
than normal) and it was yet another fork bomb from this particular
site. This particular bomb ran for approximately 1:40, from 10AM
to 11.40AM.
Normally, when staff finds something like this, staff will
first kill the bomb (or reboot if truely nasty) then disable
the particular tool, then contact the site's administrators where
the vandal came from to tell them about this.
This particular site is different, in that this is a gateway
of some kind, and I've yet been able to get a response from whom
I believe are the administrators of the site. Further, in eight
requests from various people from this site about a contact email
address, only one was willing to give me something--the others
refused. I found that unusual.
I have never seen this behavior before. ANY site with a large
number of people coming in from it is going to have problems,
obviously. At each UM football game there are nn people arrested,
nn people with heart attacks, etc. Bad things happen with any
clump of people. But in this particular case, there are incidents
that hurt Grex--the fork bombs--and I can't get a response from
the people who maintain the site, the site doesn't offer 'ident'
information so we can't know who is who from that address, and
given the number of fork bombs (and importation of other various
vandal tools), I'd have to say that the good-to-vandal ratio
from this site is far lower than others. Please believe me when
I say I am distressed to say this.
Obviously, we will try to contact the site administrators further
and we will succeed, eventually. But I'd like feedback from the
community about the action taken here. Before I did this I talked
to one other staffer, who agreed that blocking was a reasonable
measure in the short term.
I'm beginning to think Grex needs a new position, one of
"Grex ambassador", someone who is able to talk to staff about
technical issues, but whose main job is to contact other sites
about problems, and let that be their main task for Grex. Still,
it doesn't solve the immediate problem of what to do, right now.
I have never done this before. I've never felt the need to.
But given the impact of a fork bomb (and remember, its affects
go on, after it stops, as mail then floods in that couldn't before)
I think I am acting in Grex's best interest.
Ideas would be welcome.
|